Why would Microsoft 365 be a target?
For many organisations, Microsoft 365 is used for the majority of internal and external communication, and it is a rich store of information.
In other words, it’s a valuable target for a cyber attacker.
What’s the worst that can happen?
If an attacker gains access to a staff member’s M365 account:
- They can view and download any emails, files, or messages accessible in M365 from that account.
- They can set up ways to retain access, so even when the account password is changed or all sessions are logged out, they will still be lurking.
- And they can use this access to send malicious emails, files, or messages to other staff members, or to your clients.
If an attacker gains access to an administrator’s M365 account:
- They can do all of this. And more.
- In fact, they can do whatever they like.
- And the first thing they will probably do is disable all of your administration access, so you can’t stop them.
Do we need to think about the likely impact of such attacks? Things like…
- Immediate business disruption.
- Long term reputational damage.
I’ll stop there.
How can you reduce the risk?
If you want to ensure you’re not an easy target, my Microsoft 365 Security Audit is the solution.
It focuses on the key security measures that can significantly reduce the risk of your Microsoft 365 environment being breached by an attacker.
- Ensures you are not an easy target for cyber criminals.
- Save you time and money by making sure you’re investing in security measures that will make the most significant difference.
- Ensures you can speak confidently with your clients and prospects about the security of your Microsoft 365 environment.
Microsoft 365 Security Audit
- You will know the specific steps required to ensure your organisation’s Microsoft 365 environment is not an easy target for cyber attackers.
The assessment will include a review of the security configuration of the following Microsoft 365 components:
- Email (Exchange Online)
The Reference Baselines
The assessment will align to a benchmark or baseline that is appropriate to your needs and to the expectations of your clients.
This could include baselines / frameworks published by:
- CISA (The US Cybersecurity and Infrastructure Security Agency), in its Secure Cloud Business Applications (SCuBA) Security Baselines.
- NSCS-IE (Ireland’s National Cyber Security Centre) Office 365 Secure Configuration Framework (Foundational & Standard Controls / Levels 0 & 1).
- CIS Controls.
- NIST Cyber Security Framework (CSF).
- We will discuss your specific needs so we can identify an appropriate ‘target end-state’ for your environment.
- I will perform an in-depth and independent security assessment of your Microsoft 365 environment.
- The assessment will be driven by a methodology and set of checklists that I have developed over many years.
- The assessment will also reflect your current “ways of working” to ensure the security recommendations minimise the impact on how you currently do business.
- A clear and detailed recommendations report, written in Plain English, that will show you how to ensure your Microsoft 365 tenant is configured in line with best practice so it is not an easy target for cyber attackers.
- An action tracker checklist, listing each recommended action in priority order. You can use this to track your implementation of the recommendations.
- A 60-minute walkthrough (via MS Teams or Zoom) of the recommendations report, so we can address your questions or comments.
- 1-month and 3-month Check-In / Review Workshops: 1 month and 3 months after completion of the assessment, we will meet for 60 minutes (via MS Teams) to review progress and identify ways to sustain / regain momentum.
- Standard Option: €1,975 + VAT.
- The audit will start within the next few weeks and will be completed within 2-3 weeks of the start date.
- This is a good option if you are not under pressure to get this completed.
- Fast Lane Option: €2,725 + VAT.
- This compresses the timeline.
- The audit will start as soon as possible and be completed within 2-3 days of the start date.
- This is a better option if you are under pressure to get an assessment completed, or you want to just get this off your to-do list as soon as possible.
How To Get Started
- Register below.
- We will review your details to ensure this is a good fit for you.
- We will then provide a provisional date for the audit, and provide you with an invoice that includes a link to our online payments facility.
- The date will be confirmed when payment is received.